1. Field of the Invention
This invention relates generally to security devices and systems for controlling access to a computer via a remote computer terminal. More particularly, this invention relates to encryption/decryption methods and devices designed to be interposed between the computer and the remote terminal, but the method of this invention is adaptable to encrypt and decrypt any digital communication link.
2. Description of the Prior Art
Data communications generally involve communicating terminals, each controlled by a keyboard device that inputs a character code to the terminal in response to a keyboard character selection. Each terminal is typically comprised of a computer which is interconnected by cable or other medium, including electromagnetic waves, to one or more other computers. These interconnections may also include modems that link the computers and terminals through telephone lines.
Private data communications have attained increased priority in recent years. While the need for and volume of data communication links have increased, the most significant increase has occurred in the area of security requirements, since once a computer is on-line with a modem it may be accessed by anyone with a terminal and a compatible modem.
Early security techniques involved the use of a password, a method which is still popular and effective as a first level of security. Anyone seeking access to a computer from a terminal is required to enter a user identification number or character string and an associated password into the terminal seeking access. This system is fairly effective in an environment where access to all terminals can be controlled, but it is ineffective when modems are used and unlimited access to the computer can be obtained. The problem is that, given such unlimited access, any accessing computer can be programmed to break the computer's security codes. Little security risk exists if access can be strictly controlled, but with the vast numbers of small personal computers and computer-controlled modems in existence today it has become relatively easy, and relatively popular, to program a personal computer to try every potential combination of user identification code and associated password. When the remote computer terminal discovers the correct combination, it is allowed full access to any of the data on that system.
Several devices have been marketed and are currently in use which address this problem and provide limited protection against unauthorized access. The "call back" modem is pre-programmed to dial, or call back, a specific prearranged phone number whenever it receives a password. A caller seeking access, who must be located at that specific phone number, sends a certain password via the computer terminal's transmission port and modem. Upon receiving the password, the modem at the receiving computer introduces a second level of security by hanging up and calling back the preselected phone number, so that access is granted only to the terminal and modem at that phone number location. Unfortunately, this system works only for a limited set of phone locations and must be reprogrammed every time the accessing terminal is moved to a new location.
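The exchange described above, as an added example that is not part of the patent: a small simulation of a call-back modem with a pre-programmed password-to-number table. The registry contents, the caller numbers and the `session` helper are constructed for illustration. The point it makes is that the callback is dialed to the stored number, never to the number the caller claims to be at, so a stolen password used from another line yields nothing; the same property is what makes the device fail when a legitimate user moves to a new location.

```python
from dataclasses import dataclass, field
from typing import Dict, List, Optional


@dataclass
class CallbackModem:
    """Modem at the protected computer. `registry` maps each accepted password to the
    single pre-arranged phone number the modem is allowed to call back (constructed sample)."""
    registry: Dict[str, str]
    dialed: List[str] = field(default_factory=list)  # outbound calls placed, for inspection

    def receive_call(self, claimed_origin: str, password: str) -> Optional[str]:
        """Handle an inbound call. The inbound line is always dropped; if the password is
        known, the modem dials the pre-programmed number for it and returns that number.
        The caller's claimed origin number plays no part in the decision."""
        callback_number = self.registry.get(password)
        if callback_number is None:
            return None            # unknown password: hang up, no callback
        self.dialed.append(callback_number)
        return callback_number


def session(modem: CallbackModem, caller_line: str, password: str) -> bool:
    """True only if the caller actually receives the callback, i.e. the number the modem
    dials is the line the caller is physically sitting at."""
    callback_number = modem.receive_call(caller_line, password)
    return callback_number is not None and callback_number == caller_line


def demo() -> Dict[str, bool]:
    # Constructed registry: one user, one pre-arranged location.
    modem = CallbackModem(registry={"s3cret": "555-0100"})
    return {
        # legitimate user calling from the registered line
        "registered_user": session(modem, "555-0100", "s3cret"),
        # attacker who learned the password but is on a different line:
        # the callback still goes to 555-0100, so the attacker gets nothing
        "stolen_password_elsewhere": session(modem, "555-0199", "s3cret"),
        # legitimate user who moved offices without the modem being reprogrammed
        "user_moved": session(modem, "555-0150", "s3cret"),
        # wrong password: no callback at all
        "bad_password": session(modem, "555-0100", "guess"),
    }


if __name__ == "__main__":
    for scenario, granted in demo().items():
        print(f"{scenario}: {'access' if granted else 'denied'}")
```

The `dialed` list records every outbound call; in the stolen-password scenario it shows the callback being placed to the legitimate user's line, which is the only observable effect of the attempt.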
To further increase security it is necessary to control the individuals using accessing terminals. While the user identification and password are useful as a first level of security against the unsophisticated user, they are ineffective against the knowledgeable user. Tougher solutions involve segregating sensitive and confidential files and confining them to a controlled-access facility. The theory is that controlling access to the facility is more readily accomplished than limiting access to data and files within a computer by someone who has already gained access.
Clearly there is a recognized need for an improved method of providing security which is not only cost effective but also extremely difficult to bypass. Moreover, the preferred system would be isolated from the computer, so that access control is physically separated from the computer being accessed.